Symantec reports the largest Malware scare in the Android Market, Lookout Mobile Security says no way

Symantec is reporting that it has found what it calls the “highest distribution of any malware identified so far this year.” According to the company, up to 5 million users are affected, but before everyone gets their panties in a bunch, they list the risk level as “very low,” not to mention this probably isn’t malware.

It’s called Android.Counterclank, and it can be found in the following applications:

| Publisher | Malicious App Title | Category |
|---|---|---|
| iApps7 Inc | Counter Elite Force | Arcade & Action |
| iApps7 Inc | Counter Strike Ground Force | Arcade & Action |
| iApps7 Inc | CounterStrike Hit Enemy | Arcade & Action |
| iApps7 Inc | Heart Live Wallpaper | Entertainment |
| iApps7 Inc | Hit Counter Terrorist | Arcade & Action |
| iApps7 Inc | Stripper Touch girl | Entertainment |
| Ogre Games | Balloon Game | Sports Games |
| Ogre Games | Deal & Be Millionaire | Sports Games |
| Ogre Games | Wild Man | Arcade & Action |
| redmicapps | Pretty women lingerie puzzle | Photography |
| redmicapps | Sexy Girls Photo Game | Lifestyle |
| redmicapps | Sexy Girls Puzzle | Brain & Puzzle |
| redmicapps | Sexy Women Puzzle | Brain & Puzzle |

The malicious code is grafted in a package called com.apperhand, which is found in each of the above apps. Upon installation the com.apperhand package could complete any of the below functions:

A major competitor, Lookout Mobile Security, a company we support here at TalkAndroid, says that this isn’t malware and is legitimate. The apperhand package is actually an aggressive advertising component, and part of a modified version of the “ChoopCheec” platform or “Plankton” SDK that caused a stir in June 2011. This newer version is cleaner, and Lookout said the following:

It is capable of identifying the user uniquely by their IMEI number, for instance. But unlike some networks, this SDK forward-hashes the IMEI before sending to its server. They’re identifying your device, but they are obfuscating the raw data. (That’s a good thing.)

The SDK has the capability to deliver Push Notification ads to the user. We’re not huge fans of push notifications, but we also don’t consider push notification advertising to be malware.

The SDK drops a search icon onto the desktop. Again, we consider this bad form, though we don’t consider this a smoking gun for malware provided the content that is delivered is safe. In this case, it is simply a link to a search engine.

The SDK also has the capability to push bookmarks to the browser. In our opinion, this crosses a line; although we do not believe this is cause to classify the SDK as malware.

And finally Lookout said:

“Of the applications that were originally identified as malicious, a subset of them have subsequently been pulled from the Android Market. However, it’s important to note that this does not include all identified applications, and reasons for removal may also include content, copyright, or other violations of the Android Market’s Terms of Service.”

The story of Android security continues, and it simply creates great press. Are malware and trojans an issue for Android? I won’t say they aren’t, but there really haven’t been any major catastrophes as some of these articles and posts would like you to believe. It’s the job of the security firms to make money, so putting a little extra fear into the public’s mindset isn’t a bad thing to them, but at the same time we have to educate ourselves by reading beyond the titles.

Robert lives in upstate New York where he was born and raised. Technology was always his passion. His first computer was a Radio Shack TRS80 Color that used a cassette tape to save programs, and his first laptop was a Toshiba T1200FB that sported a CGA greyscale screen and two 720kb floppy drives (no hard drive).
From the early 90’s through late 2011, he only owned Motorola phones starting with the MicroTAC all the way through to the Droid X. He broke that streak when he bought the Galaxy Nexus. Now he's sporting a Galaxy Note 4, and absolutely loves it.
He has a wonderful wife and a 6 year old son. In his free time he enjoys sports, movies, TV, working out, and trying to keep up with the rapid fast world of technology.

Joeschmoe2008

Symantec has been in the news lately for their PC Checkup Tool being described as “scareware”. In connection to this, there were articles critical of Symantec regarding their PC Checkup Tool and those articles were unavailable to many who use the Norton DNS service.

Scum

Symantec blows

Patrick West

Avast. Use it.

Someone

As long as you stay in the market, you don’t need AV. By the time the virus definitions are updated, Google had already pulled the offending allocations.

sabrina D

After the source code leak so many who used Symantec are refusing to get their products!!!

Mark

Symantec requests its users to disable its anti-virus due to the hacking.